On the heels of platform virtualization comes the proliferation of containers – compartmentalized applications aimed at achieving greater efficiency in packaging, delivering and managing applications. With platform-level virtualization adoption still maturing, the rise of app level virtualization and isolation over shared platform resources is already intriguing many dev shops who are looking in greater efficiencies around environment management and deployment. Security concerns are abound, particularly as the theme of true isolation and priv escalation haunt many early instances of containers. During this talk we’ll look at threat modeling vignettes based upon current implementations and industry use cases around Containers as a Service. We’ll explore viable threat patterns around deploying and using containers as well as current and evolving countermeasures for threat mitigation.
This talk will employ risk centric approaches to threat modeling around containers and tie in many of the more current threat and countermeasures covered from Docker15. The risk centric threat modeling approach will tie in well to security by design intents being fostered into evolving container related controls. This talk will not address in general the general precepts around threat modeling but rather dive into a few deployment scenarios around containers that have been analyzed for viable threat motives, supporting attack patterns, and effective countermeasure options for risk reduction.